List:General Discussion« Previous MessageNext Message »
From:Thimble Smith Date:April 4 2000 2:37am
Subject:Re: FILE privilege question
View as plain text  
On Mon, Apr 03, 2000 at 09:18:17PM -0400, David R. Saunders wrote:
>The other nice thing is that a perl script can read a password
>from this file and connect to the server; if the script is being
>run by a webserver with suexec enabled, then other webserver
>processes should not be albe to read this file.

This is a nice thing about suexec, not about perl.  You can do
the same thing with any CGI that is run under suexec.  You can
NOT do this with a perl script run under mod_perl (it has to run
as the web server user).

>(As an aside: I've not yet figured out how to protect an
>embedded password in php web pages or in Java classes.  The
>first could be read by other unix shell accounts, while the
>second could be grabbed through the net and then either a unix
>"strings" command or (if the password is in bytes) a java
>decompiler could be used to extract the password.)

For PHP, just use the CGI version of PHP and run it with suexec,
just like you do with Perl scripts.  I'm not sure about Java
right now....

>I can get around the problem with .my.cnf; it would be nice if
>the MySQL daemon would disallow direct reading of the database
>files.

Yes, good idea.  I'll look into it.

Tim
-- 
Tim Smith   < tim@stripped >  :MySQL Development Team:  Boone, NC  USA.
Thread
FILE privilege questionDavid R. Saunders3 Apr
Re: FILE privilege questionPaul DuBois3 Apr
  • Re: FILE privilege questionDavid R. Saunders4 Apr
    • Re: FILE privilege questionThimble Smith4 Apr
      • Re: FILE privilege questionPaul DuBois4 Apr
        • Re: FILE privilege questionDavid R. Saunders4 Apr
          • Re: FILE privilege questionThimble Smith4 Apr
        • Re: FILE privilege questionThimble Smith4 Apr